Near the Root of Cybersecurity Dysfunction


I’ve been missing from the CERIAS blog for much of the last year+ as I enjoyed a long-overdue sabbatical.

While I was away, I was going through some materials in my account and found slides from a talk I was giving many years ago. I referenced those in a post back in February, entitled A Common Theme. I polished that up a little, gave it a few times, and then presented it in the CERIAS Security Seminar when I returned to campus this fall.

Basically, I attribute a large portion of why we continue to have problems in what we call “cybersecurity” to the fact that we don’t have a precise—and agreed-upon—definition of “security.” Coupled with that, we don’t have agreed-upon characteristics, nor do we have well-defined metrics. The result is that we can’t tell if something addresses needs, we have no idea if the money we spent has made a difference that corresponds to the outlay, and we can’t compare different approaches. That is simply the start!

If you want to watch the presentation then visit this link. (Note that we have videos of presentations going back 15 years—over 400 videos—all available at no charge!)